<?php

// Include the different user types so we can filter out unauthorized users
include("include/dbUserTypes.php");

// Include our user class
include_once("include/user.php");

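// Holds the authenticated user object once the session has been validated.
// NOTE(review): no session_start() is visible in this file; presumably one of
// the includes above (or the including page) starts the session. Confirm.
$user = null;

// No valid session: send the visitor to the login page and stop.
// header() only queues the redirect; without exit the remainder of this
// script would keep running with $user still null.
if( !isset($_SESSION['user']) || $_SESSION['user'] == null ) {
    header("location:main_login.php");
    exit;
}

// Unserialize our user to turn it back into a useful object.
// NOTE(review): unserialize() instantiates whatever class the payload names,
// so this is only safe while the session store cannot be written by clients.
// Storing plain scalars (user id, user type) in the session would remove the
// dependency on unserialize() altogether.
$user = unserialize($_SESSION['user']);

// A corrupt or unexpected payload yields false or a non-object; treat that
// exactly like a missing session instead of failing later on a method call.
if( !is_object($user) ) {
    header("location:main_login.php");
    exit;
}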

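// Fail closed if no usable user object reached this point: an unauthenticated
// request must never get as far as the admin check or the database.
if( !is_object($user) ) {
    header("location:main_login.php");
    exit;
}

// If we're not an admin go back to the user redirection page.
// exit is required: header() alone does not stop the script.
// NOTE(review): loose comparison kept because the types returned by
// getUserType() and held in $USERTYPE_ADMIN are not visible here.
if( $user->getUserType() != $USERTYPE_ADMIN ) {
    header("location:login_success.php");
    exit;
}

// Validate the ID to edit as an integer before it goes anywhere near SQL.
// mysql_real_escape_string() only protects values placed inside quotes; the
// ID is interpolated unquoted into the WHERE clause below, so escaping alone
// does not constrain it. FILTER_VALIDATE_INT returns an int, or false for
// anything else (including a missing or array-valued parameter).
$editHomeID = filter_var(isset($_GET['id']) ? $_GET['id'] : null, FILTER_VALIDATE_INT);

if( $editHomeID === false ) {
    // Same destination as "no such listing": nothing to edit.
    header("location:admin_manageListings.php");
    exit;
}

// Connect to our database
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving this page
// to mysqli or PDO prepared statements is the durable fix, but that depends
// on include/dbconnection.php, which is not visible here.
include("include/dbconnection.php");

// Select the property with the ID above, as long as it's not sold (i.e. 0).
// $editHomeID is guaranteed to be an int at this point.
$db_query = "SELECT *
FROM $TABLE_HOME 
WHERE $TABLE_HOME_HOMEID = $editHomeID AND $TABLE_HOME_SOLDTO = 0";

// Get the results of the query
$resultSet = mysql_query($db_query);

// If the query failed or matched nothing, go back to the manage listings
// page. mysql_query() returns false on error, which must not be handed to
// mysql_num_rows().
if( $resultSet === false || mysql_num_rows($resultSet) == 0 ) {
    mysql_close();
    header("location:admin_manageListings.php");
    exit;
}

// Fetch the listing that is about to be edited
$row = mysql_fetch_array($resultSet);

// Set the home ID as a session variable.
// This way we know that it was obtained from the DB and it's safe to use
$_SESSION['homeIdToModify'] = $row[$TABLE_HOME_HOMEID];

// Show the editing form
include("include/admin/editHomeForm.php");

// Close the connection
mysql_close();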


